Apple has fixed a severe security flaw that threatened all supported versions of macOS, one week after the flaw was publicly disclosed.
The vulnerability, detailed in our report on February 3, permits full system takeover by remote attackers or malware. The attackers or malware would first have to use other methods to gain access to a Mac, but that’s not as hard as it sounds.
To update your Mac, click the Apple icon at the top left of your desktop screen and select System Preferences from the drop-down menu. Then click the Software Update icon in the selection screen. You may also get notifications that a new update is available.
After the update is finished, you should be running macOS Big Sur 11.2.1, macOS Catalina 10.15.7 or macOS Mojave 10.14.6. If you’re running macOS High Sierra 10.13 or earlier, it’s time to upgrade to a newer version of macOS, because this very serious flaw is not being fixed in the older versions.
Beating back the Baron
The vulnerability, called “Baron Samedit” by its discoverers, has to do with the “sudo” command found on almost all Unix-derived operating systems, including macOS and Linux.
Sudo temporarily gives full system access, or “root,” to users who already have administrative privileges. With root, a user can make almost any change to the operating system, which is why even admin users don’t normally have such powers. Regular users without admin privileges normally can’t access sudo.
Baron Samedit, first disclosed on Linux in late January, gets around this privilege hierarchy. It lets any user, even one without admin rights, gain root without using an admin password. Because of this, an email attachment or a web link opened by a non-admin user could end up taking over a machine.
The major Linux distributions fixed the vulnerability before it was publicly revealed. But while it initially looked like macOS might be immune to the Baron Samedit flaw, a security researcher soon found an easy workaround that made exploiting the flaw possible on Macs.